[Snort-users] Excluding a single IP from HOME_NET

Jeff Kell jeff-kell at ...6282...
Fri May 30 09:03:29 EDT 2008


Cees wrote:
> (BTW Jeff, a pass rule won't work since the IDS isn't placed inline.)

If you use the pass rule, and run snort with "-o" so pass rules come 
first, the net effect is that your excluded IP matches the pass rule and 
no further rules are evaluated on that packet.

Doesn't matter if you're inline or not.

Jeff




More information about the Snort-users mailing list